RESOLVED FIXED 218976
GraphicsContextGL should have robust multivalue getters
https://bugs.webkit.org/show_bug.cgi?id=218976
Summary GraphicsContextGL should have robust multivalue getters
Kimmo Kinnunen
Reported 2020-11-16 05:11:22 PST
GraphicsContextGL should have robust multivalue getters, otherwise: 1) The GPUP is harder to implement 2) The code contains uninitialised variables and miscalculated receive buffer sizes The getters such as getUniformiv should contain the info about the amount of data in the receive buffer. Currently ANGLE_robust_client_memory has this form of API. We should just use this pattern in the main GraphicsContextGL.
Attachments
Patch (128.64 KB, patch)
2020-11-16 05:22 PST, Kimmo Kinnunen
no flags
Patch (128.79 KB, patch)
2020-11-16 05:25 PST, Kimmo Kinnunen
no flags
Patch (114.05 KB, patch)
2020-11-16 05:31 PST, Kimmo Kinnunen
no flags
Patch (115.60 KB, patch)
2020-11-16 05:38 PST, Kimmo Kinnunen
no flags
Patch (117.39 KB, patch)
2020-11-16 05:48 PST, Kimmo Kinnunen
ews-feeder: commit-queue-
Patch (116.41 KB, patch)
2020-11-16 06:06 PST, Kimmo Kinnunen
no flags
Patch (108.85 KB, patch)
2020-11-16 06:09 PST, Kimmo Kinnunen
no flags
Patch (113.49 KB, patch)
2020-11-16 12:34 PST, Kimmo Kinnunen
no flags
Patch (113.95 KB, patch)
2020-11-16 22:02 PST, Kimmo Kinnunen
no flags
Patch (115.06 KB, patch)
2020-11-16 23:12 PST, Kimmo Kinnunen
ews-feeder: commit-queue-
Patch (118.17 KB, patch)
2020-11-16 23:25 PST, Kimmo Kinnunen
ews-feeder: commit-queue-
Patch (118.04 KB, patch)
2020-11-16 23:37 PST, Kimmo Kinnunen
no flags
Patch (118.61 KB, patch)
2020-11-18 00:58 PST, Kimmo Kinnunen
no flags
Patch (118.61 KB, patch)
2020-11-18 00:59 PST, Kimmo Kinnunen
no flags
Kimmo Kinnunen
Comment 1 2020-11-16 05:22:29 PST
Kimmo Kinnunen
Comment 2 2020-11-16 05:25:05 PST
Kimmo Kinnunen
Comment 3 2020-11-16 05:31:08 PST
Kimmo Kinnunen
Comment 4 2020-11-16 05:38:12 PST
Kimmo Kinnunen
Comment 5 2020-11-16 05:48:04 PST
Kimmo Kinnunen
Comment 6 2020-11-16 06:06:08 PST
Kimmo Kinnunen
Comment 7 2020-11-16 06:09:03 PST
Simon Fraser (smfr)
Comment 8 2020-11-16 08:24:46 PST
Comment on attachment 414229 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=414229&action=review > Source/WebCore/ChangeLog:10 > + the value is a normal the return value. This reduces the risk > + of having uninitialized receive location. Some words missing here. > Source/WebCore/ChangeLog:17 > + Add GCGLSpan type that is used to communicate pair: ptr, number of "Span" is a really odd name for this. Does no existing WTF type work here? > Source/WebCore/platform/graphics/GraphicsContextGL.h:994 > + virtual void getFloatv(GCGLenum pname, GCGLSpan<GCGLfloat> value) = 0; > + virtual void getIntegerv(GCGLenum pname, GCGLSpan<GCGLint> value) = 0; Can we rely on the return-value optimization to just return GCGLSpan<>? > Source/WebCore/platform/graphics/GraphicsContextGL.h:998 > + virtual void getBooleanv(GCGLenum pname, GCGLSpan<GCGLboolean> value) = 0; Ditto
Kimmo Kinnunen
Comment 9 2020-11-16 11:40:00 PST
(In reply to Simon Fraser (smfr) from comment #8) > > Source/WebCore/ChangeLog:17 > > + Add GCGLSpan type that is used to communicate pair: ptr, number of > > "Span" is a really odd name for this. Does no existing WTF type work here? I've always interpreted it so that a 'span' is a standard name to a view into array memory. Standard as in std::span. As in, if you're going to implement the concept, it's going to be called "span". I couldn't find a corresponding type.. > > > Source/WebCore/platform/graphics/GraphicsContextGL.h:994 > > + virtual void getFloatv(GCGLenum pname, GCGLSpan<GCGLfloat> value) = 0; > > + virtual void getIntegerv(GCGLenum pname, GCGLSpan<GCGLint> value) = 0; > > Can we rely on the return-value optimization to just return GCGLSpan<>? Span doesn't own anything. It's a view into something owned by somebody. With this and previous comment, do you mean following: GCGLuint value[4] = {0}; m_context->getUniformuiv(program.object(), location, value); -> WTF::Vector<GCGLuint> value = m_context->getUniformuiv(program.object(), location, 4); It's a bit redundant, but if you think that's the way to go, I can do it that way.
Kimmo Kinnunen
Comment 10 2020-11-16 11:51:13 PST
Also, the related but not strictly related to this patch: Output calls are going to be of form uniform4fv(..., GCGLSpan<GCGLfloat, 4> value) Having those as WTF::Vectors is a bit redundant Having those as std::array<GCGLfloat, 4> is copying a bit Then there are call like bufferData(..., GCGLSpan<GCGLvoid>) Having this as WTF::Vector might be a quite a bit copying..
Simon Fraser (smfr)
Comment 11 2020-11-16 11:56:11 PST
(In reply to Kimmo Kinnunen from comment #9) > (In reply to Simon Fraser (smfr) from comment #8) > > > Source/WebCore/ChangeLog:17 > > > + Add GCGLSpan type that is used to communicate pair: ptr, number of > > > > "Span" is a really odd name for this. Does no existing WTF type work here? > > I've always interpreted it so that a 'span' is a standard name to a view > into array memory. Standard as in std::span. As in, if you're going to > implement the concept, it's going to be called "span". I couldn't find a > corresponding type.. OK, I wasn't familiar with std::span. > > > Source/WebCore/platform/graphics/GraphicsContextGL.h:994 > > > + virtual void getFloatv(GCGLenum pname, GCGLSpan<GCGLfloat> value) = 0; > > > + virtual void getIntegerv(GCGLenum pname, GCGLSpan<GCGLint> value) = 0; > > > > Can we rely on the return-value optimization to just return GCGLSpan<>? > > Span doesn't own anything. It's a view into something owned by somebody. > With this and previous comment, do you mean following: > > GCGLuint value[4] = {0}; > m_context->getUniformuiv(program.object(), location, value); I meant changing the signatures to: virtual GCGLSpan<GCGLfloat> getFloatv(GCGLenum pname) = 0; virtual GCGLSpan<GCGLint> getIntegerv(GCGLenum pname) = 0;
Kimmo Kinnunen
Comment 12 2020-11-16 12:34:44 PST
Kenneth Russell
Comment 13 2020-11-16 15:22:27 PST
Comment on attachment 414269 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=414269&action=review The failures of gl-object-get-calls and some of the other conformance tests indicate something's going wrong with the multi-value getters - could you investigate those and comment here when this patch is fixed? > Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:2521 > + m_context->getActiveUniformBlockiv(program.object(), uniformBlockIndex, pname, params); As discussed on the Slack channel - good catch on this fix. Did this fix any WebGL conformance tests? If not then could you please file an issue about expanding the conformance tests around UNIFORM_BLOCK_ACTIVE_UNIFORM_INDICES on https://github.com/KhronosGroup/WebGL ?
Kimmo Kinnunen
Comment 14 2020-11-16 22:02:43 PST
Kimmo Kinnunen
Comment 15 2020-11-16 22:45:02 PST
(In reply to Kenneth Russell from comment #13) > > Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:2521 > > + m_context->getActiveUniformBlockiv(program.object(), uniformBlockIndex, pname, params); > > As discussed on the Slack channel - good catch on this fix. Did this fix any > WebGL conformance tests? If not then could you please file an issue about > expanding the conformance tests around UNIFORM_BLOCK_ACTIVE_UNIFORM_INDICES > on https://github.com/KhronosGroup/WebGL ? I think it's just a cosmetic fix -- there was no real bug. So the case was in the spirit of: We have one int slot. We want a uniform property that fills one in int slot. We give the int slot to ANGLE: "Here are int slots, write the property here, the amount of int slots is 4". (<-- bug here, we thought we say "one slot", but actually said "4 slots".). ANGLE checks that 4 is bigger than one and writes one int in one slot. So the case was that we claimed our buffer is bigger than it was, but it does not matter since the value written to the buffer is the size of the buffer. I'm not sure the bug would be testable from webgl level. There is inverse of this bug marked in the patch as FIXME:s : ANGLE validates bufSize of Uniform*vRobustANGLE with the logic of bufSize of nUniformEXT. That shouldn't be testable from webgl level either. I'll submit a patch for that if nobody does that before I get around doing it.
Kimmo Kinnunen
Comment 16 2020-11-16 23:12:28 PST
Kimmo Kinnunen
Comment 17 2020-11-16 23:25:10 PST
Kimmo Kinnunen
Comment 18 2020-11-16 23:37:41 PST
Simon Fraser (smfr)
Comment 19 2020-11-17 08:47:36 PST
Comment on attachment 414313 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=414313&action=review > Source/WebCore/platform/graphics/GraphicsTypesGL.h:72 > + T& operator*() { ASSERT(data); return *data; } Extra space. Should these be release asserts? > Source/WebCore/platform/graphics/GraphicsTypesGL.h:92 > + T& operator[](size_t i) { ASSERT(data); ASSERT(i < bufSize); return data[i]; } > + T& operator*() { ASSERT(data); return *data; } Release asserts? > Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:1973 > + // FIXME: Bug in ANGLE bufSize validation for uniforms. Reference a bug number? > Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:1982 > + // FIXME: Bug in ANGLE bufSize validation for uniforms. Reference a bug number? > Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:1991 > + // FIXME: Bug in ANGLE bufSize validation for uniforms. Reference a bug number?
Darin Adler
Comment 20 2020-11-17 10:30:27 PST
Comment on attachment 414313 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=414313&action=review >> Source/WebCore/platform/graphics/GraphicsTypesGL.h:72 >> + T& operator*() { ASSERT(data); return *data; } > > Extra space. Should these be release asserts? Likely valuable to have a buffer overrun assertion be a release assertion. Perhaps less helpful to have the null check be a release assertion?
Kenneth Russell
Comment 21 2020-11-17 14:06:46 PST
(In reply to Kimmo Kinnunen from comment #15) > (In reply to Kenneth Russell from comment #13) > > > Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:2521 > > > + m_context->getActiveUniformBlockiv(program.object(), uniformBlockIndex, pname, params); > > > > As discussed on the Slack channel - good catch on this fix. Did this fix any > > WebGL conformance tests? If not then could you please file an issue about > > expanding the conformance tests around UNIFORM_BLOCK_ACTIVE_UNIFORM_INDICES > > on https://github.com/KhronosGroup/WebGL ? > > I think it's just a cosmetic fix -- there was no real bug. > So the case was in the spirit of: > We have one int slot. > We want a uniform property that fills one in int slot. > We give the int slot to ANGLE: "Here are int slots, write the property > here, the amount of int slots is 4". (<-- bug here, we thought we say "one > slot", but actually said "4 slots".). > ANGLE checks that 4 is bigger than one and writes one int in one slot. > > So the case was that we claimed our buffer is bigger than it was, but it > does not matter since the value written to the buffer is the size of the > buffer. > > I'm not sure the bug would be testable from webgl level. > > > There is inverse of this bug marked in the patch as FIXME:s : > ANGLE validates bufSize of Uniform*vRobustANGLE with the logic of bufSize of > nUniformEXT. That shouldn't be testable from webgl level either. I'll submit > a patch for that if nobody does that before I get around doing it. Thanks for the clarification - I see. Given that, don't worry about new tests.
Kimmo Kinnunen
Comment 22 2020-11-18 00:58:24 PST
Kimmo Kinnunen
Comment 23 2020-11-18 00:59:54 PST
EWS
Comment 24 2020-11-18 04:26:00 PST
Committed r269952: <https://trac.webkit.org/changeset/269952> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414428 [details].
Radar WebKit Bug Importer
Comment 25 2020-11-18 04:26:22 PST
Note You need to log in before you can comment on or make changes to this bug.